ipsec: IPSec protection for multi-point tunnel interfaces
diff --git
a/src/vnet/ipsec/ipsec_cli.c
b/src/vnet/ipsec/ipsec_cli.c
index
e412160
..
1ab8bd9
100644
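--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -391,7 +391,7 @@ ipsec_spd_bindings_show_all (vlib_main_t * vm, ipsec_main_t * im)
 static walk_rc_t
 ipsec_tun_protect_show_one (index_t itpi, void *ctx)
 {
- vlib_cli_output (ctx, "%U", format_ipsec_tun_protect, itpi);
+ vlib_cli_output (ctx, "%U", format_ipsec_tun_protect_index, itpi);
 return (WALK_CONTINUE);
 }
@@ -728,6 +728,7 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm,
 unformat_input_t _line_input, *line_input = &_line_input;
 ip46_address_t local_ip = ip46_address_initializer;
 ip46_address_t remote_ip = ip46_address_initializer;
+ ip_address_t nh = IP_ADDRESS_V4_ALL_0S;
 ipsec_crypto_alg_t crypto_alg;
 ipsec_integ_alg_t integ_alg;
 ipsec_sa_flags_t flags;
@@ -808,6 +809,8 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm,
 ;
 else if (unformat (line_input, "del"))
 is_add = 0;
+ else if (unformat (line_input, "nh &U", unformat_ip_address, &nh))
+ ;
 else
 {
 error = clib_error_return (0, "unknown input `%U'",
@@ -842,7 +845,8 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm,
 rv =
 ipip_add_tunnel (ipv6_set ? IPIP_TRANSPORT_IP6 : IPIP_TRANSPORT_IP4,
 instance, &local_ip, &remote_ip, fib_index,
- IPIP_TUNNEL_FLAG_NONE, IP_DSCP_CS0, &sw_if_index);
+ TUNNEL_ENCAP_DECAP_FLAG_NONE, IP_DSCP_CS0,
+ TUNNEL_MODE_P2P, &sw_if_index);
 rv |=
 ipsec_sa_add_and_lock (ipsec_tun_mk_local_sa_id (sw_if_index),
 local_spi, IPSEC_PROTOCOL_ESP, crypto_alg,
@@ -857,7 +861,7 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm,
 clib_host_to_net_u32 (salt), &remote_ip,
 &local_ip, NULL);
 rv |=
- ipsec_tun_protect_update_one (sw_if_index,
+ ipsec_tun_protect_update_one (sw_if_index, &nh,
 ipsec_tun_mk_local_sa_id (sw_if_index),
 ipsec_tun_mk_remote_sa_id
 (sw_if_index));
@@ -901,6 +905,7 @@ ipsec_tun_protect_cmd (vlib_main_t * vm,
 {
 unformat_input_t _line_input, *line_input = &_line_input;
 u32 sw_if_index, is_del, sa_in, sa_out, *sa_ins = NULL;
+ ip_address_t peer = { };
 vnet_main_t *vnm;
 is_del = 0;
@@ -923,13 +928,15 @@ ipsec_tun_protect_cmd (vlib_main_t * vm,
 else if (unformat (line_input, "%U",
 unformat_vnet_sw_interface, vnm, &sw_if_index))
 ;
+ else if (unformat (line_input, "%U", unformat_ip_address, &peer))
+ ;
 else
 return (clib_error_return (0, "unknown input '%U'",
 format_unformat_error, line_input));
 }
 if (!is_del)
- ipsec_tun_protect_update (sw_if_index, sa_out, sa_ins);
+ ipsec_tun_protect_update (sw_if_index, &peer, sa_out, sa_ins);
 unformat_free (line_input);
 return NULL;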
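Review bot: In the option loop of create_ipsec_tunnel_command_fn the new branch uses the format string `"nh &U"`, which has no `%U` conversion, so `unformat_ip_address` is never called and `nh` keeps its `IP_ADDRESS_V4_ALL_0S` initial value; the line should read `else if (unformat (line_input, "nh %U", unformat_ip_address, &nh))`. As written, a next hop typed at the CLI presumably falls through to the "unknown input" error and never reaches `ipsec_tun_protect_update_one`, so the option cannot be exercised or tested. In ipsec_tun_protect_cmd the added bare `"%U", unformat_ip_address, &peer` branch takes any address-shaped token as the peer; because the peer decides which SA pair protects which next hop on a multi-point interface, a keyword-prefixed form (as the `nh` branch intends) would make a mistyped command fail rather than bind SAs to an unintended peer. Both functions begin and end outside the hunks shown, so whether `peer` is also honoured on the delete path cannot be checked from here.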